Sigstore (AI Artefacts)

Sigstore is an open-source project for signing, verifying, and protecting software artefacts. Applied to AI, Sigstore can be used to sign model weights, prompts, and agent deployment packages — providing a cryptographic chain of custody that verifies an artefact has not been tampered with since it was published by a trusted source.